﻿<!DOCTYPE html>
<html>
<head>
    <title></title>
	<meta charset="utf-8" />
</head>
<body>
    <h1>JS-based resource owner sample</h1>
    <div>
        <label>username</label>
        <input id="username" value="bob" />
    </div>
    <div>
        <label>password</label>
        <input id="password" value="bob" />
    </div>
    <div>
        <button id="button">Get Token</button>
    </div>
    <script>
        var baseUrl = "https://localhost:44333/core/connect/";
        var tokenUrl = baseUrl + "token";
        var revokeUrl = baseUrl + "revocation";

        var client_id = "ro.client";
        var client_secret = "secret";

        document.getElementById("button").addEventListener("click", getToken, false);

        function getToken() {
            var uid = document.getElementById("username").value;
            var pwd = document.getElementById("password").value;

            var xhr = new XMLHttpRequest();
            xhr.onload = function (e) {
                console.log(xhr.status);
                console.log(xhr.response);

                var response_data = JSON.parse(xhr.response);
                if (xhr.status === 200 && response_data.access_token) {
                    revokeToken(response_data.access_token);
                }
            }
            xhr.open("POST", tokenUrl);
            var data = {
                username: uid,
                password: pwd,
                grant_type: "password",
                scope: "read write",
                //client_id: client_id,
                //client_secret:client_secret
            };
            var body = "";
            for (var key in data) {
                if (body.length) {
                    body += "&";
                }
                body += key + "=";
                body += encodeURIComponent(data[key]);
            }
            xhr.setRequestHeader("Authorization", "Basic " + btoa(client_id + ":" + client_secret));
            xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
            xhr.send(body);
        }

        function revokeToken(token) {
            var xhr = new XMLHttpRequest();
            xhr.onload = function (e) {
                console.log(xhr.status);
                console.log(xhr.response);
            }
            xhr.open("POST", revokeUrl);
            var data = {
                token: token,
                //token_type_hint:"access_token",
                //client_id: client_id,
                //client_secret:client_secret
            };
            var body = "";
            for (var key in data) {
                if (body.length) {
                    body += "&";
                }
                body += key + "=";
                body += encodeURIComponent(data[key]);
            }
            xhr.setRequestHeader("Authorization", "Basic " + btoa(client_id + ":" + client_secret));
            xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
            xhr.send(body);
        }
    </script>
</body>
</html>
